Microsoft Office 365 has gotten heavy adoption in the public schools sector. I am writing an app that lets teachers communicate with parents about classroom activities, schedules, etc. using OneNote for content, and Outlook/Exchange calendars for scheduling. Since teachers in the school system I'm writing this for have heavily adopted OneNote, it makes sense to use OneNote notebooks as a back end of sorts for the information that will be accessible from the client app. I am stuck at how to authenticate with Azure AD. Here's the scenario, and I'd like some advice in navigating all the MS documentation on Graph, AD, Azure, etc. It's a bit overwhelming as there seem to be 10 ways to do everything.
- The client is a mobile app that is installed by parents on iOS or Android devices.
- Parents can see school level information, as well as class level information, files, photos, etc. No authentication is required on the parent's part in the app. School staff will create calendars and notebooks for content.
- Each teacher creates a dedicated notebook with sections and pages that will be displayed on their 'page' in the mobile app. The school builds a list of notebook and calendar IDs that the app will access.
- A node.js app acts as a REST API to the mobile app, and a REST client to Office Live via msGraph, or the OneNote API directly.
- School system IT gives my node.js app read access to any and all OneNote notebooks and Outlook calendars that have been listed for each school.
- Alternatively, each teacher may grant my application access to their notebooks and calendars similar to how other app integrations work (DocuSign, etc.), but preferably I'd like it to be done at a single point for the entire organization by IT admins.
With these design guidelines, what method of authentication is required to be implemented in my app and in Azure AD in order for my app to access these resources without AD authentication on the part of the end users, the parents? I'm totally overwhelmed by many conflicting sample projects, articles, and howtos on MSDN.
You will need app level access to the Microsoft Graph OneNote APIs. Here's the reference: https://developer.microsoft.com/en-us/graph/docs/concepts/auth_v2_service
And for reading calendars and notebooks, you will need the Calendars.Read and Notes.Read.All "application" permissions.
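As an added illustration of the app-only (client credentials) flow the answer points to, here is a Node.js sketch of what the back end would do: request a token from the v2.0 endpoint with the `.default` scope, check that the token actually carries the two application permissions (an admin-consent gap shows up as an empty `roles` claim and a 403 from Graph), and build the Graph URLs for a specific teacher's notebook sections and calendar view. This is example code, not from the question or answer; the tenant/client/user/notebook IDs are placeholders, the sample token is constructed locally so the block runs offline, and `fetch` is injectable so the HTTP calls can be faked.

```javascript
// Added example: app-only Microsoft Graph access from a Node.js back end
// (client credentials grant, v2.0 endpoint). All IDs are placeholders.

const GRAPH = "https://graph.microsoft.com/v1.0";
// The two application permissions named in the answer; used to sanity-check
// issued tokens so a missing admin consent fails at start-up, not per request.
const REQUIRED_ROLES = ["Notes.Read.All", "Calendars.Read"];

// Build the token request. With application permissions the scope is always
// "<resource>/.default": the actual permissions are granted by an admin on the
// app registration, not asked for on each call.
function buildTokenRequest({ tenantId, clientId, clientSecret }) {
  const url = `https://login.microsoftonline.com/${encodeURIComponent(tenantId)}/oauth2/v2.0/token`;
  const body = new URLSearchParams({
    client_id: clientId,
    client_secret: clientSecret,
    scope: "https://graph.microsoft.com/.default",
    grant_type: "client_credentials",
  });
  return {
    url,
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: body.toString(),
  };
}

// Decode the JWT payload WITHOUT verifying the signature. Graph, not this app,
// is the token's audience and verifier; we only read claims to fail fast.
function tokenClaims(accessToken) {
  const parts = accessToken.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWS token");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Application permissions show up in the "roles" claim of an app-only token.
// Returns the required roles that are absent (empty array means all present).
function missingRoles(accessToken, required = REQUIRED_ROLES) {
  const roles = tokenClaims(accessToken).roles || [];
  return required.filter((r) => !roles.includes(r));
}

// Graph URLs scoped to one teacher (the notebook/calendar owner from the
// school's list) rather than enumerating the whole tenant. $select keeps the
// payload to what the parent app will actually display.
function notebookSectionsUrl(userId, notebookId) {
  return `${GRAPH}/users/${encodeURIComponent(userId)}/onenote/notebooks/${encodeURIComponent(notebookId)}/sections?$select=id,displayName`;
}

function calendarViewUrl(userId, calendarId, startIso, endIso) {
  const u = new URL(`${GRAPH}/users/${encodeURIComponent(userId)}/calendars/${encodeURIComponent(calendarId)}/calendarView`);
  u.searchParams.set("startDateTime", startIso);
  u.searchParams.set("endDateTime", endIso);
  u.searchParams.set("$select", "subject,start,end,location");
  return u.toString();
}

// Obtain and validate an app-only token. fetchImpl is injectable for tests.
async function getAppToken(cfg, fetchImpl = fetch) {
  const req = buildTokenRequest(cfg);
  const res = await fetchImpl(req.url, { method: req.method, headers: req.headers, body: req.body });
  if (!res.ok) throw new Error(`token endpoint returned ${res.status}`);
  const json = await res.json();
  const missing = missingRoles(json.access_token);
  if (missing.length) {
    throw new Error(`admin consent missing for application permissions: ${missing.join(", ")}`);
  }
  return json.access_token;
}

// Constructed (unsigned) token for offline demonstration only. The signature
// segment is a dummy; never build real tokens this way.
function fakeAppToken(roles) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "none", typ: "JWT" })}.${enc({ aud: "https://graph.microsoft.com", roles })}.sig`;
}

const SAMPLE_TOKEN = fakeAppToken(["Notes.Read.All", "Calendars.Read"]);
const PARTIAL_TOKEN = fakeAppToken(["Calendars.Read"]);

// Usage sketch (no network): show what the start-up check reports.
console.log("missing for full token:", missingRoles(SAMPLE_TOKEN));
console.log("missing for partial token:", missingRoles(PARTIAL_TOKEN));
console.log(notebookSectionsUrl("teacher@school.example", "1-abcd"));
```

The `missingRoles` check is the practical payoff: when IT grants consent for only one of the two permissions, the token still issues, and the failure would otherwise surface as a 403 from Graph on the first notebook call. Keep the client secret (or better, a certificate) in the server's secret store; it never ships in the mobile app, which is what makes "no AD login for parents" workable.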